[PATCH v4 5/6] tpm: unify the eventlog initialization
Ludwig Nussel
ludwig.nussel at siemens.com
Mon Jun 29 10:01:04 CEST 2026
From: Ilias Apalodimas <ilias.apalodimas at linaro.org>
When measured boot is enabled the EFI code is trying to initialize the
eventlog using tcg2_log_prepare_buffer() and then adds an EV_S_CRTM_VERSION
by calling efi_append_scrtm_version().
Part of the EFI code was moved to the TPM core so bootm, booti etc can use
it. A similar function called tcg2_measurement_init() was added
which is doing the same thing.
A previous patch is unifying the internal eventlog structure we use
whether the measurements are done via EFI TCG spec, or the bootX commands.
There's a minor difference between the EFI code and the TPM one.
The EFI part is appending events to the log using tcg2_agile_log_append(),
while the TPM core calls tcg2_log_append_check(). The reason for that is
that the EFI spec expects certain error codes and actions when
GetEventLog has been called or the log buffer is full. Since this is the
first event we add, the functions above will behave identically. On top
of that I plan to unify those as well.
So for now get rid of the efi_append_scrtm_version() and call
tcg2_measurement_init() from EFI as well.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
Signed-off-by: Ludwig Nussel <ludwig.nussel at siemens.com>
---
(no changes since v1)
include/tpm_tcg2.h | 20 --------------------
lib/efi_loader/efi_tcg2.c | 36 ++----------------------------------
lib/tpm_tcg2.c | 21 +++++++++++++++++++--
3 files changed, 21 insertions(+), 56 deletions(-)
diff --git a/include/tpm_tcg2.h b/include/tpm_tcg2.h
index e954a276ecd..387073fd8a2 100644
--- a/include/tpm_tcg2.h
+++ b/include/tpm_tcg2.h
@@ -279,26 +279,6 @@ int tcg2_measure_data(struct udevice *dev, struct tcg2_event_log *elog,
tcg2_measure_data(dev, elog, pcr_index, 0, NULL, event_type, size, \
event)
-/**
- * Prepare the event log buffer. This function tries to discover an existing
- * event log in memory from a previous bootloader stage. If such a log exists
- * and the PCRs are not extended, the log is "replayed" to extend the PCRs.
- * If no log is discovered, create the log header.
- *
- * @dev TPM device
- * @elog Platform event log. The log pointer and log_size
- * members must be initialized to either 0 or to a valid
- * memory region, in which case any existing log
- * discovered will be copied to the specified memory
- * region.
- * @ignore_existing_log Boolean to indicate whether or not to ignore an
- * existing platform log in memory
- *
- * Return: zero on success, negative errno otherwise
- */
-int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog,
- bool ignore_existing_log);
-
/**
* Begin measurements.
*
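Review bot: dropping the tcg2_log_prepare_buffer() prototype from include/tpm_tcg2.h breaks any caller outside lib/tpm_tcg2.c, and this patch converts only efi_init_event_log(). Please confirm with a tree-wide search that no other user remains, and mention it in the commit message. If the "Begin measurements." comment left in the header documents tcg2_measurement_init(), it should also describe the log discovery and replay behaviour that the deleted comment covered, since that text is no longer visible to header users.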
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 85e7ecd0583..1da0bc37fa1 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -859,24 +859,6 @@ out:
return ret;
}
-/**
- * efi_append_scrtm_version - Append an S-CRTM EV_S_CRTM_VERSION event on the
- * eventlog and extend the PCRs
- *
- * @dev: TPM device
- *
- * @Return: status code
- */
-static efi_status_t efi_append_scrtm_version(struct udevice *dev)
-{
- efi_status_t ret;
-
- ret = measure_event(dev, 0, EV_S_CRTM_VERSION,
- strlen(version_string) + 1, (u8 *)version_string);
-
- return ret;
-}
-
/**
* efi_init_event_log() - initialize an eventlog
*
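Review bot: the removed measure_event(dev, 0, EV_S_CRTM_VERSION, ...) call in efi_append_scrtm_version() referenced version_string, and nothing else in this diff touches that symbol. If this was its last use in lib/efi_loader/efi_tcg2.c, drop the declaration (and any include needed only for it) in the same patch so no unused leftover remains.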
@@ -888,7 +870,6 @@ static efi_status_t efi_init_event_log(void)
* vendor_info_size is currently set to 0, we need to change the length
* and allocate the flexible array member if this changes
*/
- struct tcg2_event_log elog;
struct udevice *dev;
efi_status_t ret;
int rc;
@@ -922,26 +903,13 @@ static efi_status_t efi_init_event_log(void)
* Check if earlier firmware have passed any eventlog. Different
* platforms can use different ways to do so.
*/
- elog.log = event_log.log;
- elog.log_size = CONFIG_TPM2_EVENT_LOG_SIZE;
- rc = tcg2_log_prepare_buffer(dev, &elog, false);
+ event_log.log_size = CONFIG_TPM2_EVENT_LOG_SIZE;
+ rc = tcg2_measurement_init(dev, &event_log, false);
if (rc) {
ret = (rc == -ENOBUFS) ? EFI_BUFFER_TOO_SMALL : EFI_DEVICE_ERROR;
goto free_pool;
}
- event_log.log_position = elog.log_position;
-
- /*
- * Add SCRTM version to the log if previous firmmware
- * doesn't pass an eventlog.
- */
- if (!elog.found) {
- ret = efi_append_scrtm_version(dev);
- if (ret != EFI_SUCCESS)
- goto free_pool;
- }
-
ret = create_final_event();
if (ret != EFI_SUCCESS)
goto free_pool;
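Review bot: the "if (!elog.found)" guard around the S-CRTM event is deleted here, so this call site now depends on tcg2_measurement_init() appending EV_S_CRTM_VERSION only when no earlier-stage log was discovered. That function's body is not part of this diff, so please confirm the condition is the same; an extra event after a handed-over log would change the measured PCR values a verifier compares against. Two smaller points: a failure while appending that event now goes through the "rc == -ENOBUFS" mapping instead of returning the EFI status from measure_event(), and the deleted comment about the SCRTM version deserves a one-line replacement saying that tcg2_measurement_init() also records it.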
diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
index 2270b038cf5..e8fa7db5b06 100644
--- a/lib/tpm_tcg2.c
+++ b/lib/tpm_tcg2.c
@@ -564,8 +564,25 @@ int tcg2_measure_data(struct udevice *dev, struct tcg2_event_log *elog,
event_size, event);
}
-int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog,
- bool ignore_existing_log)
+/**
+ * Prepare the event log buffer. This function tries to discover an existing
+ * event log in memory from a previous bootloader stage. If such a log exists
+ * and the PCRs are not extended, the log is "replayed" to extend the PCRs.
+ * If no log is discovered, create the log header.
+ *
+ * @dev TPM device
+ * @elog Platform event log. The log pointer and log_size
+ * members must be initialized to either 0 or to a valid
+ * memory region, in which case any existing log
+ * discovered will be copied to the specified memory
+ * region.
+ * @ignore_existing_log Boolean to indicate whether or not to ignore an
+ * existing platform log in memory
+ *
+ * Return: zero on success, negative errno otherwise
+ */
+static int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog,
+ bool ignore_existing_log)
{
struct tcg2_event_log log = {};
int rc;
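Review bot: the comment block moved above the now-static tcg2_log_prepare_buffer() opens with "/**" but is not in kernel-doc form: it lacks the "tcg2_log_prepare_buffer() - ..." summary line, and the parameters are written "@dev" rather than "@dev:". Since the block is being touched anyway, either fix the format or demote it to a plain "/*" comment. The new "static int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog," line also runs to 84 columns; breaking after the first parameter keeps it within 80.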
--
2.43.0